Two factor authentication with OTP using privacyIDEA and FreeRADIUS on CentOS

In this howto we will show how you can set up the two-factor authentication and management system privacyIDEA on CentOS 6.5. privacyIDEA is a system that can manage authentication devices, especially OTP tokens of any kind.

We will set up the system to be served via Apache2, store the token information in a MySQL database, and provide authentication via a FreeRADIUS server. This lets us add two-factor authentication to all services accessible via RADIUS, such as SSL VPNs and pam_radius.

Prerequisites

We need some special Perl modules to run the connection between FreeRADIUS and privacyIDEA. These can be found in EPEL, so we need to install the EPEL repositories:

Fix access rights

During the setup process the files were generated for user root. But we will run privacyIDEA in Apache with the service account privacyidea. So we need to change the access rights of these files. A script helps us with this task:
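To confirm afterwards that nothing is left owned by root or accessible to other users, a check like the following can be run. It is an added example, not the privacyIDEA script mentioned above; the function name audit_service_files and the directory path in the usage comment are assumptions, while the account name privacyidea is the one used in this howto.

```shell
#!/bin/sh
# Added example: audit ownership and mode of a service's files.
# Usage:   audit_service_files DIR USER
# Example: audit_service_files /path/to/privacyidea/config privacyidea
#          (the directory is a placeholder; use the one from your setup)
# Prints one line per finding.
# Returns 0 when clean, 1 when findings exist, 2 on usage error.
audit_service_files() {
    dir=$1
    user=$2
    if [ ! -d "$dir" ] || [ -z "$user" ]; then
        echo "usage: audit_service_files DIR USER" >&2
        return 2
    fi

    # Anything not owned by the service account, for example files that
    # were created as root during setup.
    owner=$(find "$dir" ! -user "$user" | sed 's/^/WRONG_OWNER /')

    # Regular files that other local users can read or write. Config and
    # key files should only be accessible to the service account.
    world=$(find "$dir" -type f \( -perm -004 -o -perm -002 \) \
            | sed 's/^/WORLD_ACCESS /')

    if [ -z "$owner" ] && [ -z "$world" ]; then
        return 0
    fi
    if [ -n "$owner" ]; then printf '%s\n' "$owner"; fi
    if [ -n "$world" ]; then printf '%s\n' "$world"; fi
    return 1
}
```

A non-zero return with WRONG_OWNER lines means the ownership change did not cover every file; WORLD_ACCESS lines point at files whose mode should be tightened.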